A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems 11-04-01-0003
This also appears in
SAE International Journal of Transportation Cybersecurity and Privacy-V130-11EJ
Connected vehicles and intelligent transportation systems are currently evolving into highly interconnected digital environments. Due to the interconnectivity of different systems and complex communication flows, a joint risk analysis for combining safety and security from a system perspective does not yet exist. We introduce a novel method for joint risk assessment in the automotive sector as a combination of the Diamond Model, Failure Mode and Effects Analysis (FMEA), and Factor Analysis of Information Risk (FAIR). These methods have been sequentially composed, which results in a comprehensive risk management approach to information security in an intelligent transport system (ITS). The Diamond Model serves to identify and structurally describe threats and scenarios, the widely accepted FMEA provides threat analysis by identifying possible error combinations, and FAIR provides a quantitative estimation of probabilities for the frequency and magnitude of risk events. We present the methodology and its step-by-step application on a practice-oriented automotive use case. As a result of this risk management approach, we can finally provide quantitative values from FAIR instead of a qualitative categorization, enabling a more accurate assessment of risks and prioritization of their mitigation. Simultaneously, the FMEA ensures complete risk identification at a component level. The approach is transparent, reusable, and can be adjusted to new estimations or insights easily and at any time, thus addressing the complexity and diversity of services in the transportation domain.
Citation: Vogt, T., Spahovic, E., Doms, T., Seyer, R. et al., "A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems," SAE Int. J. Transp. Cyber. & Privacy 4(1):39-58, 2021, https://doi.org/10.4271/11-04-01-0003. Download Citation
Tom Vogt, Edvin Spahovic, Thomas Doms, Rainer Seyer, Heinz Weiskirchner, Klaus Pollhammer, Thomas Raab, Stefan Rührup, Martin Latzenhofer, Christoph Schmittner, Markus Hofer, Arndt Bonitz, Carina Kloibhofer, Sebastian Chlup
TÜV Austria, Austria, AIT Austrian Institute of Technology, Austria
Failure modes and effects analysis
Intelligent transportation Systems
Subscribers can view annotate, and download all of SAE's content.
Learn More »